American Medical Association (AMA) is a governing body of health professions. It provides information regarding traditional legal issues and ethics that are important in the patient-physician relationship. The AMA Code of Medical ethics must be adhered to by health care providers in line with the profession in order to maintain confidentiality and privacy of client health information obtained in the course of providing care to the patient. Medical laws and ethics work hand in hand to ensure that health professions maintain boundaries in provisions of services to their clients, thereby building relationships based on trust; this is achieved by protecting clients’ rights around confidentiality and privacy of their medical information—patience-physician relationship issues provided as general information about traditional legal issues inherent in the provision of health care. Many of the legal issues incorporated in medical ethics stem from physicians’ obligations to patients. As stated in the AMA Code of Medical Ethics, ethical values and legal principles are closely related to the provision of health care. Due to the rapid changes in the health care system, the law does not keep pace with some of the recent fundamental changes, therefore, making it slow to incorporate new technology into health provision in terms of electronic medical records. Taking ethical high road may be able to help the physician’s patient and the best risk management strategy that will enable efficient provision of health care.
It is important that confidential medical information of a patient be entered in a computer-based patient record, and it should be done only by authorized personnel. Any corrections whatsoever made to the records should be time and date stamped, and the person making the adjustments should include his name in the records. Once the data has been entered, a physician and the patient to whom the medical records were transferred should be notified of the existence of computerized data in which medical information was stored. In a case where a patient’s records are transferred, communication of the same need to be availed to him or her and the physician as well prior to the release of the medical information to the entities authorized to transfer the records to computer databases. Any other person or organization that will need access to the computerized record databases should be well-identified in advance before approval. Disclosing full information to the patients is very important as it helps in obtaining informed consent to treatment. Patient’s medical data should be guarded appropriately in order to be able to control the people who get access to the information (Manning 1998).
Medical ethics provide that patient Information stored in the Electronic Medical Records (EMR) should be well safeguarded. Any online interactions between the patient and his physician should only be conducted over a secure network able to provide privacy and security measures such as encryption able to maintain record confidentiality and privacy at all times. A physician needs to correctly identify with the receipt receiving services online prior to handing in any information regarding the patient’s status over electronic communication, the recipient should clearly be identified and authorized to receive it. Physicians are encouraged to have a written patient authentication protocol for all practices for correct identification of the recipient via electronic databases; in addition, all members of physician’s staff who are directly linked to patient records should adhere to the protocol. For new patients or old ones who are not well conversant with the new system of comprised data record-keeping, physicians are required to keep minimum standards of patients authentication, and education on the use the computerized records should be established. Other forms of identification, such as written paper records, should be kept in conjunction with electronic ones to help inpatient authentication. Before a patient is granted permission to access their EMR, informed consent should be obtained regarding the appropriate use of the said EMR and limitations to access of personal health information in it. Physicians should be able to make guidelines in conjunction with EMR known to the patient. On the other hand, the physician should develop and adhere to guidelines and protocols for online communication and to patient access to the EMR for all patients. On occasions where the patient needs to make over-the-counter drug treatments, obtain family history and retrieve medical history, the annotation should be indicated as authorized. After the services are delivered, records should be date stamp, login, and IP address used. On-going medical care for patients should be maintained and recorded. In case a patient wants to make changes to the forensic nature records, they should only be allowed to add notations when appropriate but not delete health information that may jeopardize the accuracy of the records (AMA 2007).
Procedures within the record-keeping staff for purging the computerized database of inaccurate data should be established in the health care system. The physician and the patient should be notified before and after the data has been purged. There should be no transmutation of physician’s computerized patient records with those of client’s bureau services in the computer system. Procedures for maintaining security should be developed within the system in order to protect against future mixing up of patients reports or segments of medical records. Principles of medical ethics states require that a physician respect the rights of patients at all times, colleagues, and other health professionals and shall safeguard patient’s confidences and privacy within the constraints of the law without leaking it to the third party and such information should only be released upon expressed permission from the patient.
The computerized medical database should not be left unmanned; these records should only be online to the computer terminal requiring using the data and authorization obtained prior to accessing the medical information. Other subordinate staff in the clinical facility should not be provided access to online computerized data records containing identifiable patient’s medical information in relation to patient’s records. Security measures should be put in place to help guard these records, such as the use of passwords, encryption of information, and staff employed in the medical field should be able to use scanned badges and use other identification ways. Stringent security measures should be practiced at all times in order to supervise any unauthorized access to computer-based patient medical records. Auditing personnel must be employed to audit records in the event of unauthorized disclosure of medical data to third parties, upon retirement or termination of physician services in the data processing environment, no access to medical records pertaining to patients information to be allowed (Manning 1998).
When a patient’s physician retires or departs from the group, a patient should be notified of the activity. He or she may be asked to find a new physician and informed that upon authorization, records would be sent to the new physician. A Physician should not leak out any confidential medical data to any other party unless the agency in question is authodatabasesAccess to confidential medical data regarding patients’ health from data bases should be retrieved for specific purposes only and sto strictly to the specific time frame of ch was required of. The organization whom the data is being made available to should be warned to further release the information to unauthorized third parties or subsequent use of the data for other purposes either than the one authorized for (Manning 1998). The law requires that a physician should reveal confidential information of his patients to any other party without express consent of the patient unless the law gives such requires otherwise. Before disclosing any information, physicians should consider the goals of privacy protection of their patient’s confidential information. To ensure the integrity of health care data, privacy and security goals should always be adhered to in the process of collecting, storage, and use of health care information provided by the patient. These goals can only be achieved through fair information practice, where patient consent is sought before any use of their personal data.
The people manning computer-based data records for patients should hand in computer files to an authorized physician but not to any other person. In a case where a physician has obtained another copy of the patient records, the duplicates obtained should be erased or destroyed. In an incident of files erasure, the computer service bureau should notify the physician in writing that the erasure has taken place and the patient notified of the same (Manning 1998). It’s a serious ethical offense to collect data from a computerized or other patient’s record for marketing purposes. The individuals or organization doing so should be asked to obtain authorization and patient consent obtained upfront and fully informed about the purpose intended for the data. These principles are important in building the patient-physician relationship based on trust (Rothstein & Brody 216).
AMA policy provides that any payer, clearinghouse, vendor and any other entity that collects and uses electronic medical records and claims data adhere must abide by the following principles; a). Computer-based medical records or any data submitted by a physician to an authorized third party to accomplish the intended purpose sought thereof must be the minimum necessary for the intended purpose, b). All individuals or organizations involved in the collection and use of electronic medical records for patients must comply with the HIPAA privacy and Security Rules. c). Advance notice needs to be given to a physician before providing information for any analysis with his/her electronic medical records and claims data to authorized third parties. The purpose of the intended information should be communicated, such as where data-id going to be studied and how the results will be used. d). Any additional information that will be required to be used by a third party outside the scope of physician practice in the collection of data for the submission of transactions such as claims and eligibility must be adequately compensated by the entity requesting the data e). Principles employed in evaluating claims for analysis of physician claims or medical record data must be open for review periodically, and input by relevant outside entities be incorporated f). Method and criteria for analyzing claims in dealing with computer-based data should be made available to the physician or independent third party to re-analyze the data in case of unauthorized access. g) Clinical information collected by a data exchange network should be searched by record locater services and must only be accessed when payment needs to be done and health care operations.
If the information on electronic medical records is made available to third parties such as payer, physician, vendor, or any other entity, AMA requires that a). Warehouse vendors take full responsibility for ensuring that confidentiality, integrity, and availability of electronic medical records and claims data are adequately protected so that unauthorized uses or disclosure of the information can not be accessed. b). Electronic data records will only be made available to authorized users for purposes of public health, patient safety, treatment, quality improvement analysis, research, and medical liability defense only. c). Authorization of accessing patients’ medical records and use of individual identifiable clinical data is not enough without obtaining physician and patient consent. d). a physician must be consulted and permission granted before the transfer of data to another warehouse. Once the transfer of electronic medical records and data claims are effected, the current data must be destroyed or deleted from its data warehouse (AMA 2007).
Patients have the right to prompt and complete access to their medical records. In a case where information contained in the records could likely cause the patient to harm himself or another person, then the physician may be refused to deliver the medical records to the client. The ophthalmologist may be required to share copies of patients’ medical records, therefore, serves the best interest of the patient. However, this does not call for violation of the confidential and privacy rights of a patient. Medical records should not be withheld due to unpaid bills; the health profession may be required to charge some fee for making the requested copy. In case of the death or retirement of an ophthalmologist, medical records can be transferred to another physician holding the same ownership rights as the transferring ophthalmologist. Patient consent needs to be sought first before the transfer is done (Rothstein &Brody 221).
Given the difficulties with compliance of old laws and ethical perceptions in working together to fit computerized system, AMA emphasizes the importance of confidentiality of patients records regardless of the form in which they are stored; it studies and incorporates new legislation, the confidentiality of Health care Information of its patients and ensures that access of patient records are properly regulated. AMA will develop guidelines to help protect computerized record systems for physicians, thereby safeguarding confidentiality, integrity, and security of clients’ records. AMA is putting efforts to pursue the adoption of federal legislation that will limit third parties’ access to patients’ records without proper authorization. And if authority is obtained, only an abstract of the patient records should be retrieved necessary to evaluate for reimbursement purposes and; information thereby obtained should adhere to completion of forms accurately and case-specific, a summary of pertinent information relative to the access of patient’s medical record be provided in lieu of a copy of the records.
Works cited
AMA. 2007. H-315.000 Medical Records and Patient Privacy. Web.
Rothstein, Mark, A., Brody, Baruch, A., Laurence, McCullough, B., & Bobiski, Mary,
A. Medical ethics: Analysis of the Issues Raised by the Codes, Opinion, and Statements. BNA Books, 2001.
Manning, William, L. 1998. The Health Law Resource. Web.